Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

pokapoka70.exe


  • This topic is locked This topic is locked

#1
Kenoli

Kenoli

    New Member

  • Member
  • Pip
  • 3 posts
I have followed the steps on http://www.geekstogo...-Log-t2852.html which removed quite alot of malware from my system, but "pokapoka70.exe" still remains and continues to annoy me (by doing whatever-the-[bleep] it's doing), and I want it gone.

There's probably a bunch of other stuff hanging around too. Anyway, here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:06:47 AM, on 10/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\msnzx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\etb\pokapoka70.exe
C:\Program Files\Citrus Alarm Clock\citrusac.exe
C:\Program Files\Process Viewer\PrcView.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kenoli\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://knu-konceptz.com/free.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Media-XP-Service-Pack3] msnzx.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKLM\..\Run: [SystemTraySD] C:\WINDOWS\System32\SDSystemTray.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [Media-XP-Service-Pack3] msnzx.exe
O4 - HKCU\..\Run: [Media-XP-Service-Pack3] msnzx.exe
O4 - HKCU\..\Run: [Citrus Alarm Clock] C:\Program Files\Citrus Alarm Clock\citrusac.exe
O4 - HKCU\..\RunServices: [Media-XP-Service-Pack3] msnzx.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126999467968
O16 - DPF: {BAB3E70B-A847-4A88-ACFC-778FCCC00287} (CActSetupObj Object) - http://www.odysseusm...om/actsetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4A46933-E590-4C67-822D-A3708F8E5F5A}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements


#2
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome Kenoli to Geeks to Go!

Download LQfix.exe and place it on your desktop.
Doubleclick LQfix.exe and click install.
This will create a new folder called LQfix on your desktop.
Open the folder and doubleclick ClickThis.bat
Follow the prompts on the screen.
Your system will reboot afterwards.
Please be patient after reboot, because there is a script running in the background.

Post back to this topic with a fresh HijackThis log, there's more to be done.

Edited by g2i2r4, 01 October 2005 - 05:10 AM.

  • 0

#3
Kenoli

Kenoli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
From ClickThis.bat:
LQfix by miekiemoes
Thanks to Merijn for his Brute Force Uninstaller

Close all open programs except this window!
Please wait ......
Make sure you have a working internetconnection.

A prompt will open soon.

Click Yes for restart
If your system doesn't restart automatically, please restart manually.


LQfirst.bfu and/or LQsecond.bfu NOT PRESENT! Please post this at the forum!

Press any key to continue . . .

HijackThis will no longer run, it closes right after it starts.
  • 0

#4
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you tell me where it installed to (full path to the foldername please)?
Can you also tell me what files are in that folder?
  • 0

#5
Kenoli

Kenoli

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
C:\Documents and Settings\Kenoli\Desktop\LQfix

ClickThis.bat
unins000.dat
unins000.exe

---
Also, I rebooted again and now HijackThis works.

Edited by Kenoli, 02 October 2005 - 12:08 AM.

  • 0

#6
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you please redownload LQfix and doubleclick LQfix.exe to install it. You need more files in there to make the tool work.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP